Forms Authentication with Active Directory, login control crashes

I'm developing an ASP.net 2.0 application that uses Forms Authentication. I’m using the login control that came with V.S. 2005. I configured my web.config to use Active Directory Membership/Authentication. Everything works fine. I can login using the correct username and password, and if you login with incorrect user name, it displays a message saying "Your login attempt was not successful. Please try again" which is expected.

But the problem is, if I login with correct username but incorrect password, the application throws an exception (please see the server error message below). I can't find the solution to fix this problem, or at least be able to catch the exception so that I can display a friendly and helpful message to the user. I have tried everything, spent long nights finding the answer but can't seem to make this work. Any ideas or thoughts would be much appreciated.

Thanks in advance.

Edwin Tierra

This is the content of web.config that is related to security/login:

    <connectionStrings>
      <add name="ADConnectionString"
           connectionString="LDAP://ads-server.mydomain.net/DC=mydomain,DC=net" />
      <add name="MyASPNETDBConnectionString"
           connectionString="Data Source=myDBServer;Initial Catalog=ASPNETDB;Integrated Security=True"
           providerName="System.Data.SqlClient"/>
    </connectionStrings>

    <authorization>
      <allow roles="sysadmin" />
      <allow roles="projadmin" />
      <allow roles="managers" />
      <deny users="?" />
    </authorization>

    <authentication mode="Forms">
      <forms name=".ADAuthCookie" defaultUrl="default.aspx" timeout="30" domain="" />
    </authentication>

    <roleManager enabled="true" defaultProvider="CustomizedRoleProvider"
                 cookieTimeout="30" cookieSlidingExpiration="true">
      <providers>
        <add connectionStringName="MyASPNETDBConnectionString"
             name="CustomizedRoleProvider"
             type="System.Web.Security.SqlRoleProvider"
             applicationName="/PMS.Net"/>
      </providers>
    </roleManager>

    <membership defaultProvider="MyADMembershipProvider">
      <providers>
        <add connectionStringName="ADConnectionString"
             applicationName="/PMS.Net"
             connectionUsername="mydomain\administrator"
             connectionPassword="password"
             attributeMapUsername="sAMAccountName"
             enableSearchMethods="true"
             name="MyADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
      </providers>
    </membership>

This is the error message that I get when the application crashes:

    Server Error in '/' Application.

    A local error occurred.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.DirectoryServices.Protocols.LdapException: A local error occurred.

    Source Error:

    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:

    [LdapException: A local error occurred.]
       System.DirectoryServices.Protocols.LdapConnection.BindHelper(NetworkCredential newCredential, Boolean needSetCredential) +990
       System.DirectoryServices.Protocols.LdapConnection.Bind(NetworkCredential newCredential) +6
       System.Web.Security.ActiveDirectoryMembershipProvider.ValidateCredentials(String username, String password) +221
       System.Web.Security.ActiveDirectoryMembershipProvider.ValidateUserCore(String username, String password) +1180
       System.Web.Security.ActiveDirectoryMembershipProvider.ValidateUser(String username, String password) +15
       System.Web.UI.WebControls.Login.OnAuthenticate(AuthenticateEventArgs e) +160
       System.Web.UI.WebControls.Login.AttemptLogin() +105
       System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) +99
       System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +35
       System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +115
       System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +163
       System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +7
       System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +11
       System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5102

    Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.42

This is an evil error message that comes from the Windows subsystem when
LDAP attempts to use SSPI to do a secure bind to the server. The "local error" typically occurs (when I've seen it) when there is an issue with Kerberos. That often happens when DNS is hosed.

Do you have any strange errors from Kerberos in the system event log or any other funny failure messages in the security log (make sure logon auditing is enabled) that say something like "the target principal name is incorrect" or something like that?

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
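An added example, not code from either poster: one way to keep the provider's LdapException from escaping the page is to handle the Login control's Authenticate event and fail closed, so a bind error produces the same "login attempt was not successful" response as an unknown user instead of a stack trace that only appears for valid usernames. The control ID `Login1`, the class name `LoginPage` and the `OnAuthenticate="Login1_Authenticate"` wiring in the .aspx are assumptions.

```csharp
// Added example: code-behind for the login page (assumed names: LoginPage, Login1).
// Needs a reference to the System.DirectoryServices.Protocols assembly.
using System;
using System.DirectoryServices.Protocols;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class LoginPage : Page
{
    // When a handler is attached to Authenticate, the Login control calls it
    // instead of calling the membership provider itself, so the provider's
    // exception surfaces here rather than as an unhandled page error.
    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        // Fail closed: only a clean 'true' from the provider signs the user in.
        e.Authenticated = false;
        try
        {
            e.Authenticated = Membership.ValidateUser(Login1.UserName, Login1.Password);
        }
        catch (LdapException ex)
        {
            // The bind failed below the provider (the SSPI "local error" in the
            // stack trace above). Keep the detail on the server and never log
            // the submitted password. Page.Trace hides the static Trace class,
            // hence the full name; TraceError needs the TRACE symbol and a
            // configured listener, or swap in the application's own logger.
            System.Diagnostics.Trace.TraceError(
                "AD bind failed for '{0}': LDAP error code {1}, server message '{2}', {3}",
                Login1.UserName, ex.ErrorCode, ex.ServerErrorMessage, ex.Message);

            // e.Authenticated is still false, so the control renders its normal
            // FailureText: the browser sees the same response whether the user
            // name was unknown or the bind itself failed.
        }
    }
}
```

This only contains the symptom; the logged error code is what to correlate with the Kerberos and security-log entries the reply asks about.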